[Bug 271418] devel/ocaml-opam: strange certificate problem

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 14 May 2023 16:54:09 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271418

            Bug ID: 271418
           Summary: devel/ocaml-opam: strange certificate problem
           Product: Ports & Packages
           Version: Latest
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: alexey@ocaml.nl
                CC: hannes@mehnert.org
             Flags: maintainer-feedback?(hannes@mehnert.org)

I have a FreeBSD 13.2 / arm64 machine in the cloud. Recently it has developed a
strange problem: opam update does not work anymore (it did before):

❯ opam update

<><> Updating package repositories ><><><><><><><><><><><><><><><><><><><><><><>
[ERROR] Could not update repository "default": OpamDownload.Download_fail(_,
        "Download command failed: \"/usr/bin/fetch -o
        /tmp/opam-1764-d4375b/index.tar.gz.part --user-agent opam/2.1.2 --
        https://opam.ocaml.org/index.tar.gz\" exited with code 1
        \"5612291346432:error:1416F086:SSL
        routines:tls_process_server_certificate:certificate verify
        failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:\"")


Indeed, fetch fails:

❯ fetch https://opam.ocaml.org/index.tar.gz
Certificate verification failed for
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=scw-serene-panini/emailAddress=root@scw-serene-panini
109905102000128:error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify
failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://opam.ocaml.org/index.tar.gz: Authentication error

OpenSSL produces something that does not look good and is vastly different from
my home FreeBSD / amd64 machines:

CONNECTED(00000004)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU =
SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress =
root@scw-serene-panini
verify error:num=18:self signed certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU =
SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress =
root@scw-serene-panini
verify return:1
---
Certificate chain
 0 s:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU =
SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress =
root@scw-serene-panini
   i:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU =
SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress =
root@scw-serene-panini
---
...

Just in case, I have tried removing /usr/local/etc/ssl/cert.pem and reinstalling
security/ca_root_nss, to no avail (pkg works).

I have another machine (albeit Ubuntu / amd64) in the same cloud, where openssl
returns the same result as above, and opam update works. What am I doing wrong?

❯ opam --version
2.1.2
❯ uname -a
FreeBSD tuathal 13.2-RELEASE FreeBSD 13.2-RELEASE
releng/13.2-n254617-525ecfdad597 GENERIC arm64

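
Added example, not part of the original report: a small Python check that reads `openssl s_client` output like the one quoted above and lists what is wrong with the leaf certificate for the requested host. The function names and the embedded sample (the report's output with the mail-wrapped lines rejoined) are constructed for illustration.

```python
import re

# Constructed sample: the s_client output from the report, with the
# mail-wrapped lines rejoined. No network access is needed.
SAMPLE = """\
CONNECTED(00000004)
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress = root@scw-serene-panini
verify error:num=18:self signed certificate
verify return:1
---
Certificate chain
 0 s:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress = root@scw-serene-panini
   i:C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = scw-serene-panini, emailAddress = root@scw-serene-panini
---
"""

def common_name(dn):
    """Extract the CN value from a one-line OpenSSL distinguished name."""
    m = re.search(r"(?:^|,\s*)CN\s*=\s*([^,]+)", dn)
    return m.group(1).strip() if m else None

def analyze_s_client(text, expected_host):
    """Return findings about the leaf certificate in s_client output."""
    findings = []
    errors = re.findall(r"^verify error:num=(\d+):(.*)$", text, re.M)
    for num, msg in errors:
        findings.append(f"verify error {num}: {msg.strip()}")
    subject = re.search(r"^\s*0 s:(.*)$", text, re.M)
    issuer = re.search(r"^\s*0 s:.*\n\s*i:(.*)$", text, re.M)
    if subject and issuer and subject.group(1).strip() == issuer.group(1).strip():
        findings.append("leaf is self-issued: subject equals issuer")
    cn = common_name(subject.group(1)) if subject else None
    # Heuristic only: real clients match subjectAltName, which this
    # summary output does not show.
    if cn and cn.lower() != expected_host.lower():
        findings.append(f"CN {cn!r} does not match requested host {expected_host!r}")
    return findings

if __name__ == "__main__":
    for line in analyze_s_client(SAMPLE, "opam.ocaml.org"):
        print(line)
```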